Doing something about "should remain private forever" emails
Hi,
So everyone knows that the declassification of -private isn't going to happen
any time soon. Why not do the opposite? There is probably more interest in
that, and it would be "easier" to implement.
At present, new DDs can access emails that were sent to -private years ago.
People who might (or might not) be a member of the project and sent an email
may not necessarily agree to that. Or a less controversial example: put
simply, if an unauthorised person gets their hands on master.d.o, there is no hope
for those messages.
So, "the opposite" of declassifying: instead of finding out what can be
declassified, remove all "should remain private forever", VAC, and similar
messages from the archive and put them in a tarball which is later encrypted
by a key that is to be split using SSS, effectively preventing people from
accessing those messages unless really necessary (to the extent that the
cooperation from people who have a part of the shared secret is needed).
Let's call this "d-private burial".
The process could be done for all messages older than d days (365, for
example) every m months (12, for example) and new tarballs could include the
previous one, so that only one tarball exists in master.d.o. Access to old
tarballs would then require those who have parts of the keys to the new ones
and those with parts of the keys of the old ones - or cracking the
encryption, whatever happens first.
Comments?
From a bag of random, years-old, thoughts,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net